OpenSSL
vulnerabilities
were
disclosed
on
March
19,
2015
by
the
OpenSSL
Project.
OpenSSL
is
used
by
IBM
Rational
RequisitePro.
RequisitePro
has
addressed
the
applicable
CVEs.
CVE(s): CVE-2015-0209, CVE-2015-0286 and CVE-2015-0289
Affected
product(s)
and
affected
version(s):
IBM
Rational
RequisitePro
versions:
Version
Status
7.1.4
through
7.1.4.7
Affected
7.1.3
through
7.1.3.14
Affected
7.1.2
through
7.1.2.17
Affected
7.1.1.x
(all
versions)
Affected
Not
all
deployments
of
Rational
RequisitePro
use
OpenSSL
in
a
way
... [ + Read more ]

There
are
multiple
vulnerabilities
in
IBM®
SDK
Java™
Technology
Edition,
Version
7SR8,
that
is
used
by
Rational
Automation
Framework.
These
issues
were
disclosed
as
part
of
the
IBM
Java
SDK
updates
in
January
2015.
This
bulletin
also
addresses
the
“FREAK:
Factoring
Attack
on
RSA-EXPORT
keys"
TLS/SSL
client
and
server
vulnerability.
CVE(s): CVE-2015-0410 and CVE-2014-6593
Affected
... [ + Read more ]

The
Logjam
Attack
on
TLS
connections
using
the
Diffie-Hellman
(DH)
key
exchange
protocol
affects
Rational
Service
Tester.
There
are
also
multiple
vulnerabilities
in
IBM
SDK
Java
Technology
Edition,
Version
1.7
that
is
used
by
Rational
Service
Tester.
These
issues
were
disclosed
as
part
of
the
IBM
Java
SDK
updates
in
... [ + Read more ]

The
Logjam
Attack
on
TLS
connections
using
the
Diffie-Hellman
(DH)
key
exchange
protocol
affects
Rational
Service
Tester.
There
are
also
multiple
vulnerabilities
in
IBM
SDK
Java
Technology
Edition,
Version
1.7
that
is
used
by
Rational
Service
Tester.
These
issues
were
disclosed
as
part
of
the
IBM
Java
SDK
updates
in
... [ + Read more ]

The
Logjam
Attack
on
TLS
connections
using
the
Diffie-Hellman
(DH)
key
exchange
protocol
affects
Rational
Performance
Tester.
There
are
also
multiple
vulnerabilities
in
IBM
SDK
Java
Technology
Edition,
Version
1.7
that
is
used
by
Rational
Performance
Tester.
These
issues
were
disclosed
as
part
of
the
IBM
Java
SDK
updates
in
... [ + Read more ]

There
are
multiple
vulnerabilities
in
IBM
Runtime
Environment
Java
Technology
Edition,
Version
6
Service
Refresh
16
Fix
Pack
3
and
earlier
releases,
that
is
used
by
Rational
Synergy.
These
issues
were
disclosed
as
part
of
the
IBM
Java
SDK
updates
in
April
2015.
CVE(s): CVE-2015-0488 and CVE-2015-0478
Affected
product(s)
and
affected
version(s):
·
Rational
Synergy
release
... [ + Read more ]

The
Rational
Insight
is
shipped
with
a
version
of
the
Apache
Tomcat
web
server
which
contains
a
security
vulnerability
that
could
have
a
potential
security
impact.
CVE(s): CVE-2014-0227
Affected
product(s)
and
affected
version(s):
Rational
Insight
1.1.1.3,
1.1.1.4,
1.1.1.5,
1.1.1.6
and
1.1.1.7
Refer
to
the
following
reference
URLs
for
remediation
and
additional
vulnerability
details:
Source
Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg21883050
X-Force
Database: http://exchange.xforce.ibmcloud.com/vulnerabilities/100751
... [ + Read more ]

There
are
multiple
vulnerabilities
in
IBM®
Runtime
Environment
Java™
Technology
Edition
that
is
used
by
ClearQuest
Eclipse
client,
ClearQuest
Web
and
ClearQuest
EmailRelay.
These
were
disclosed
as
part
of
the
IBM
Java
SDK
updates
in
January
2015.
CVE(s): CVE-2014-6593, CVE-2015-0383 and CVE-2015-0410
Affected
product(s)
and
affected
version(s):
ClearQuest
Eclipse
clients
on
HP
for
ClearQuest
v7.1
and
v7.1.1
... [ + Read more ]